Hello @Ojha18a-0713,
I understand that you are trying to set up Azure point-to-site VPN with Azure Active Directory authentication and were trying to give admin consent for your point-to-site users to be authenticated using Azure AD by visiting the following URL: https://login.microsoftonline.com/common/oauth2/authorize?client_id=41b23e61-6c1e-4545-b367-cd054e0ed4b4&response_type=code&redirect_uri=https://portal.azure.com&nonce=1234&prompt=admin_consent, but are receiving the "AADSTS50020" error.
As per our official doc, you need to sign in to the Azure portal as a user that is assigned the Global administrator role. If you are using a global admin account that is not native to the Azure AD tenant to provide consent, please replace “common” with the Azure AD directory id in the URL (https://login.microsoftonline.com/**common**/oauth2/authorize?client_id=41b23e61-6c1e-4545-b367-cd054e0ed4b4&response_type=code&redirect_uri=https://portal.azure.com&nonce=1234&prompt=admin_consent). You may also have to replace “common” with your directory id in certain other cases as well.
The Directory ID of the directory that you want to use for authentication is listed in the properties section of the Active Directory page.
Please refer to: https://learn.microsoft.com/en-us/azure/vpn-gateway/openvpn-azure-ad-tenant#enable-authentication
NOTE:
- A member native to the Azure AD tenant is a member user or Azure AD member whose account is created via the Azure AD > Users > Create user option in the tenant.
- A user not native to the Azure AD tenant means a user who is brought over from another directory as a business-to-business (B2B) collaboration guest (guest user).
Kindly let us know if the above helps or you need further assistance on this issue.
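The substitution described in the answer, as an added example that is not part of the original post or Microsoft's documentation: it swaps "common" for a directory ID and refuses any link whose host, app ID, redirect URI or prompt differs from the URL quoted above, which is a useful check before a Global administrator opens a consent link. The function name `tenant_consent_url` and the directory ID in the sample call are constructed for illustration.

```python
import uuid
from urllib.parse import urlsplit, urlunsplit, parse_qs

# The consent URL quoted in the answer, and the parameters it must keep.
CONSENT_URL = ("https://login.microsoftonline.com/common/oauth2/authorize"
               "?client_id=41b23e61-6c1e-4545-b367-cd054e0ed4b4&response_type=code"
               "&redirect_uri=https://portal.azure.com&nonce=1234&prompt=admin_consent")
REQUIRED = {
    "client_id": "41b23e61-6c1e-4545-b367-cd054e0ed4b4",
    "redirect_uri": "https://portal.azure.com",
    "prompt": "admin_consent",
}


def tenant_consent_url(url, directory_id):
    """Return url with its tenant path segment replaced by directory_id.

    Raises ValueError when directory_id is not a GUID or when url is not
    the admin-consent link from the answer (host, path or parameters differ).
    """
    try:
        tenant = str(uuid.UUID(directory_id))  # normalised, hyphenated GUID
    except ValueError:
        raise ValueError("directory ID is not a GUID") from None

    parts = urlsplit(url)
    # Compare the whole netloc so userinfo tricks and lookalike hosts fail.
    if parts.scheme != "https" or parts.netloc.lower() != "login.microsoftonline.com":
        raise ValueError("link does not point at https://login.microsoftonline.com")

    segments = parts.path.split("/")  # ['', '<tenant>', 'oauth2', 'authorize']
    if len(segments) != 4 or segments[0] != "" or segments[2:] != ["oauth2", "authorize"]:
        raise ValueError("unexpected path in consent link")

    query = parse_qs(parts.query)
    for name, value in REQUIRED.items():
        if query.get(name) != [value]:
            raise ValueError(f"unexpected or missing {name} in consent link")

    segments[1] = tenant  # 'common' (or any earlier tenant) -> directory ID
    return urlunsplit(parts._replace(path="/".join(segments)))


if __name__ == "__main__":
    # Constructed placeholder; use the Directory ID from your tenant's properties.
    print(tenant_consent_url(CONSENT_URL, "11111111-2222-3333-4444-555555555555"))
```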